CVE List - 2024 / November
Showing 1301 - 1400 of 4054 CVEs for November 2024 (Page 14 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-28726 | 2024-11-12 | An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload... |
| CVE-2024-28728 | 2024-11-12 | Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a... |
| CVE-2024-28729 | 2024-11-12 | An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. |
| CVE-2024-28730 | 2024-11-12 | Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the... |
| CVE-2024-28731 | 2024-11-12 | Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via... |
| CVE-2024-51093 | 2024-11-12 | Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload... |
| CVE-2024-51094 | 2024-11-12 | An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses... |
| CVE-2024-51179 | 2024-11-12 | An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and... |
| CVE-2024-48075 | 2024-11-12 | A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS... |
| CVE-2024-42372 | 2024-11-12 | Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory) |
| CVE-2024-47586 | 2024-11-12 | NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-47587 | 2024-11-12 | Missing authorization check in SAP Cash Management (Cash Operations) |
| CVE-2024-47588 | 2024-11-12 | Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager) |
| CVE-2024-47590 | 2024-11-12 | Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher |
| CVE-2024-47592 | 2024-11-12 | Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application) |
| CVE-2024-47593 | 2024-11-12 | Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-47595 | 2024-11-12 | Local Privilege Escalation in SAP Host Agent |
| CVE-2024-11096 | 2024-11-12 | code-projects Task Manager newProject.php sql injection |
| CVE-2024-8881 | 2024-11-12 | A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute... |
| CVE-2024-8882 | 2024-11-12 | A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial... |
| CVE-2024-49393 | 2024-11-12 | Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing |
| CVE-2024-11097 | 2024-11-12 | SourceCodester Student Record Management System Main Menu infinite loop |
| CVE-2024-11099 | 2024-11-12 | code-projects Job Recruitment login.php sql injection |
| CVE-2024-49394 | 2024-11-12 | Mutt: neomutt: in-reply-to email header field is not protected by cryptographic signing |
| CVE-2024-49395 | 2024-11-12 | Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block |
| CVE-2024-49560 | 2024-11-12 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
| CVE-2024-49558 | 2024-11-12 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation... |
| CVE-2024-10695 | 2024-11-12 | Futurio Extra <= 2.0.13 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-10672 | 2024-11-12 | Multiple Page Generator Plugin – MPG <= 4.0.2 - Authenticated (Editor+) Directory Traversal to Limited File Deletion |
| CVE-2024-10685 | 2024-11-12 | Contact Form 7 Redirect & Thank You Page <= 1.0.6 - Reflected Cross-Site Scripting |
| CVE-2024-10538 | 2024-11-12 | Happy Addons for Elementor <= 3.12.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison |
| CVE-2024-49557 | 2024-11-12 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access... |
| CVE-2024-11100 | 2024-11-12 | 1000 Projects Beauty Parlour Management System index.php sql injection |
| CVE-2024-48837 | 2024-11-12 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to... |
| CVE-2024-48838 | 2024-11-12 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this... |
| CVE-2024-11101 | 2024-11-12 | 1000 Projects Beauty Parlour Management System search-invoices.php sql injection |
| CVE-2024-11102 | 2024-11-12 | SourceCodester Hospital Management System edit-doc.php cross site scripting |
| CVE-2024-29075 | 2024-11-12 | Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings... |
| CVE-2024-45827 | 2024-11-12 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited,... |
| CVE-2024-9357 | 2024-11-12 | xili-tidy-tags <= 1.12.04 - Reflected Cross-Site Scripting |
| CVE-2024-10790 | 2024-11-12 | Admin and Site Enhancements (ASE) <= 7.5.1 - Authenticated Stored Cross-Site Scripting via SVG |
| CVE-2024-47799 | 2024-11-12 | Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated... |
| CVE-2024-9835 | 2024-11-12 | RSS Feed Widget < 3.0.1 - Reflected XSS |
| CVE-2024-9836 | 2024-11-12 | RSS Feed Widget < 3.0.0 - Contributor+ Stored XSS |
| CVE-2024-10179 | 2024-11-12 | Slickstream: Engagement and Conversions <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slick-grid Shortcode |
| CVE-2024-10323 | 2024-11-12 | JetWidgets For Elementor <= 1.0.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-10245 | 2024-11-12 | Relais 2FA <= 1.0 - Authentication Bypass |
| CVE-2024-11121 | 2024-11-12 | 上海灵当信息科技有限公司 Lingdang CRM index.php sql injection |
| CVE-2024-11122 | 2024-11-12 | 上海灵当信息科技有限公司 Lingdang CRM index.php unrestricted upload |
| CVE-2023-32736 | 2024-11-12 | A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions... |
| CVE-2024-29119 | 2024-11-12 | A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate... |
| CVE-2024-36140 | 2024-11-12 | A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS)... |
| CVE-2024-44102 | 2024-11-12 | A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1... |
| CVE-2024-46888 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and... |
| CVE-2024-46889 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow... |
| CVE-2024-46890 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web... |
| CVE-2024-46891 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could... |
| CVE-2024-46892 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or... |
| CVE-2024-46894 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users"... |
| CVE-2024-47783 | 2024-11-12 | A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged... |
| CVE-2024-47808 | 2024-11-12 | A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to... |
| CVE-2024-47940 | 2024-11-12 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated... |
| CVE-2024-47941 | 2024-11-12 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated... |
| CVE-2024-47942 | 2024-11-12 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to... |
| CVE-2024-50310 | 2024-11-12 | A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote... |
| CVE-2024-50313 | 2024-11-12 | A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions <... |
| CVE-2024-50557 | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2024-50558 | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2024-50559 | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2024-50560 | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2024-50561 | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2024-50572 | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2024-11123 | 2024-11-12 | 上海灵当信息科技有限公司 Lingdang CRM pdf.php path traversal |
| CVE-2024-11124 | 2024-11-12 | TimGeyssens UIOMatic uioMaticObject.r sql injection |
| CVE-2024-11125 | 2024-11-12 | GetSimpleCMS profile.php cross-site request forgery |
| CVE-2024-11126 | 2024-11-12 | Digistar AG-30 Plus Login Page excessive authentication |
| CVE-2024-50386 | 2024-11-12 | Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure |
| CVE-2024-51562 | 2024-11-12 | bhyve(8) nvme_opc_get_log_page buffer over-read |
| CVE-2024-8074 | 2024-11-12 | Sensitive Data Exposure in Nomysoft Informatics' Nomysem |
| CVE-2024-51563 | 2024-11-12 | bhyve(8) virtio_vq_recordon time-of-check to time-of-use race |
| CVE-2024-51564 | 2024-11-12 | bhyve(8) infinite loop in the hda audio driver |
| CVE-2024-37365 | 2024-11-12 | FactoryTalk View ME Remote Code Execution Vulnerability via Project Save Path |
| CVE-2024-51565 | 2024-11-12 | bhyve(8) hda driver buffer over-read |
| CVE-2024-51566 | 2024-11-12 | bhyve(8) NVMe driver to guest-induced infinite loops. |
| CVE-2024-11127 | 2024-11-12 | code-projects Job Recruitment admin.php sql injection |
| CVE-2024-11130 | 2024-11-12 | ZZCMS msg.php cross site scripting |
| CVE-2024-42442 | 2024-11-12 | Runtime Service Access outside SMRAM |
| CVE-2024-33660 | 2024-11-12 | Potential Firmware update without integrity check |
| CVE-2024-33658 | 2024-11-12 | Buffer Overflow Vulnerability In OFBD |
| CVE-2024-2315 | 2024-11-12 | SMM arbitrary code execution in Overclock |
| CVE-2024-39281 | 2024-11-12 | Unbounded allocation in ctl(4) CAM Target Layer |
| CVE-2024-45289 | 2024-11-12 | Unbounded allocation in ctl(4) CAM Target Layer |
| CVE-2024-50317 | 2024-11-12 | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-50318 | 2024-11-12 | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-50319 | 2024-11-12 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-50320 | 2024-11-12 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-50321 | 2024-11-12 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-50331 | 2024-11-12 | An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. |
| CVE-2024-50322 | 2024-11-12 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. |
| CVE-2024-50323 | 2024-11-12 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. |